Towards a structured unified process for software security

2004

Abstract: The development and maintenance of network and data security in software systems is done in a late phase of design and coding or during deployment, often in an ad-hoc manner. Network monitoring and recovery, encryption protocols, best practices for combating cyber-crime, or disaster recovery planning are useful methodologies applied to enforce security of a deployed system. Nevertheless these are not enough to protect from attacks directed to software vulnerabilities hidden at design and code level.

2017

Softwares have become an integral part of everyday life. Every day, millions of people perform transaction through various applications run by these softwares as internet, ATM, mobile phone, email etc. Softwares are used by people bearing in mind that it is reliable and can be trusted upon and the operations they perform is secure. Now, if these softwares have ensembled security holes, then how can they be safe for use? Security brings value to software in terms of people’s trust. The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software. Because of the limitation of budget and release time of the software into the market, many developers consider security as an afterthought thus resulting in poor quality software. In the early days, software security was only considered as part of software testing but, later on, it has been experienced that security is not an afterthought in case of software development[16][1...

Ijca Proceedings on International Conference on Information and Communication Technologies, 2014

Security is a serious problem in software development which when not taken into consideration, exploits vulnerabilities in software. Such security related problems need to be addressed as early as possible while building software. Security problems exist for many reasons. A major thing is that, software cannot resist security attacks. Software security vulnerabilities are often caused due to the flaws that might be in specification, design, implementation or testing. These flaws are unknowingly injected by the software developers during development or left unnoticed by the software testers while testing for defects in software. This requires that developers and testers use methods that consistently produce secure software, which results in a defect less product. Security must be integrated into the software development life cycle from the beginning and must persist until the product is in use. This paper brings out the security deliberation that have to be paid due attention in the various phases of software development life cycle while developing a software.

2007

Alone we can do so little; together we can do so much.' -Helen Keller-My sincerest gratitude to the following people: · My supervisor, Prof Rossouw von Solms, for his invaluable support and guidance; · My special friend and colleague, Cheryl Schröder, for believing in me and encouraging me every step of the way; · My editorial team, Bron Kaplan and Debbie Box, for their dedication and commitment ; · My family, friends and colleagues, for their everlasting support and understanding.

World Journal of Advanced Research and Reviews

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, ...

2007

Secure software engineering is a big challenge. This is mainly due to the increasing complexity, openness and extensibility of modern applications, which make a complete analysis of security requirements very hard. The overall problem space is consequently no longer easily comprehensible for developers. This paper is an attempt to explore some of these issues underlying secure software engineering. We propose a secure software engineering framework, which suggests considering secure software engineering along four different, but complementary, views. Each view is capturing a particular relevant aspect of secure software engineering. Our motivations for developing this framework are to: (a) help understand and clarify the secure software engineering domain, (b) guide in classifying and comparing both secure software and securing approaches and (c) help researchers to identify new research axes.

Issues in Informing Science and Information Technology, 2006

Software security breaches are now very extremely common and a larger percentage is caused by software design defects. Since individuals and organizations now completely depend on software systems for their day-today operations, it is then important to produce secure software products. This paper discusses the problems of producing secure software products and provides a model for improving software security. The model-Secure Software Development Model (SSDM), is unified model that integrates security engineering with software engineering so as to ensure effective production of secure software products. Supporting structure in form of laws is also presented to guide developers throughout the development process. We then present our experience that validates the model.

Proceedings of the International Conference on Computer Systems and Technologies and Workshop for PhD Students in Computing - CompSysTech '09, 2009

Assurance has been a major topic for critical systems. Assurance is usually associated with safety conditions but has also an important role for checking security requirements. Security is best assured if it is addressed holistically, systematically, and from the very beginning in the software's development process. We propose to integrate assurance and system development by letting the different stages of the system development life-cycle be mapped to the structure of the assurance case.

Information Security Journal: A Global Perspective, 2009

This paper provides a taxonomy of secure software systems engineering (SSE) by surveying and organizing relevant SSE research and presents current trends in SSE, on-going challenges, and models for reasoning about threats and vulnerabilities. Several challenging questions related to risk assessment/mitigation (e.g., "what is the likelihood of attack") as well as practical questions (e.g., "where do vulnerabilities originate" and "how can vulnerabilities be prevented") are addressed.

Proceedings of the 10th Wseas International Conference on Computers, 2006

Software tend to be omnipresent in all modern systems. It often manipulates critical resources which interests pirates and need to be secured. Given the fact that most common software attacks can't be stopped or detected using conventional security mechanisms, malicious intruders try hack into systems by exploiting a software vulnerability. Vulnerabilities result from the use of traditional development processes-not focusing on security concerns-and the lack of necessary knowledge and guidance on how to produce secure software. They include implementation bugs such as buffer overflows and design flaws such as inconsistent error handling. Several efforts are undertaken, to improve secure software engineering, however, developers still miss or misuse acquired knowledge due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our approach addressing software application security issues through its development process using a strategy oriented process model. The main feature of the proposed process model is that it provides a two level guidance: 1) a strategic guidance helping the developer to choose one among a compilations of the existing methods, standards and best practices and 2) a tactic guidance helping the developer to achieve his selection. This process model is easily extensible and allows building customized processes adapted to the context, the developer's finalities and the product state.